Accessing certificate store from ASP.NET web project

I've run into a sticky situation. I currently have an ASP.NET web project; this project uses webservices to receive XML from various locations. One of the locations requires an X.509 certificate in order for it to work properly. All was good until they sent us a new certificate two weeks ago. Now, using the exported *.cer method, I can no longer hit their webservice. They tell me that anything that's going wrong is on my end. After much playing around with it, I decided to try the CryptoAPI way instead, which would be just to hit the actual certificate store, gather all the certs in a collection, pull the one that I need directly from it and apply it to the HttpWebRequest object. I wrote up a small C# console app; this app is very basic, it's just going to the store, gathering the certs, then applying the cert to a WebRequest object and hitting the URL. As a console app this works just fine. I adjusted my console app to become a compiled DLL. I then added a reference to that DLL in my VB project. But now I cannot grab any certificates from any store. I believe this has to do with the fact that the console app is running under a different user context than my VB.NET web project. My question would be: how can I get my ASP.NET web project to actually have access to the certificate store? I've followed along on http://msdn2.microsoft.com/en-us/library/aa302408.aspx numerous times, giving permission to the ASPNET / NetworkService / Administrator users to that particular certificate, but nothing will access it. It's currently residing in both the certificates of my local user as well as the certificates of my local computer. Is there any way to get this to work properly? The code that this is based off of is from the Microsoft page that explains the two ways to access the certificate: the *.cer way and the CryptoAPI way. Any information would be greatly appreciated.
I wrote a little tool - this lets you choose the right cert (in your case the cert must be in the local computer/personal store) - it will then open the security dialog for the corresponding private key. Have a look at the source code to open the right cert store...

http://www.leastprivilege.com/HowToGetToThePrivateKeyFileFromACertificate.aspx

If this does not work you have to provide us a little more info (exception etc.).

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
On May 10, 3:42 pm, Dominick Baier <dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> I wrote a little tool - this lets you choose the right cert (in your case
> the cert must be in the local computer/personal store) - it will then open
> the security dialog for the corresponding private key.

This is all an automated process, and I can't have people selecting certificates every time they run this. Are you telling me there's no way to set up access to the cert stores for an ASPNET/NetworkService account? I'm not getting any exceptions; the problem is that

    storeHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, "MY");

    IntPtr currentCertContext;
    currentCertContext = CertEnumCertificatesInStore(storeHandle, (IntPtr)0);

These two lines don't return the IntPtr handles that they do when running it as a console app. The OPEN will return a handle when it's pointing to the CERT_SYSTEM_STORE_CURRENT_USER constant but not the ...LOCAL_MACHINE one, but then CertEnumCertificatesInStore will always return 0 when running from the ASP.NET web project. Since it returns zero, my loop to gather the individual certs fails, since it has no IntPtr to an actual value. Is there any way to get those two functions to work properly in the context of an ASP.NET web project written in VB using a C# DLL added as a reference? Does this make any sense to you or anyone out there? Is there any workaround which would allow this all to occur in the background with no user interaction? Any more information would be appreciated.

Not only will this not work, but I'm still curious as to why doing what I originally did with this webservice... inserting them into the stores, then using WinHttpCertCfg.exe to apply access for the NetworkService / ASPNET users, then exporting it and attaching the exported file to an HttpWebRequest object... That was simple as pie to originally set up, but now it doesn't work, which is the reason I've moved to the CryptoAPI way. The client said they added an additional certificate authority when they sent me the new certificate. I for some reason believe that has something to do with this not working the original way anymore. Any information about this would also be greatly appreciated.

Dominick Baier wrote:

You have all the necessary source code now.

My app gives you the name of the private key container - now you only need System.Security.AccessControl to set the necessary ACLs on it.

HTH

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
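Putting the two halves of the thread together (the original question of how the ASP.NET worker process gets at a certificate it needs for client authentication, and Dominick's answer that you find the private key container and then ACL it with System.Security.AccessControl), the following is an added C# example written for this page; it is not code from the thread, from the MSDN article, or from Dominick's tool. It uses the managed X509Store API rather than the CertOpenStore / CertEnumCertificatesInStore P/Invoke from the post, locates the certificate in LocalMachine\My, checks whether the private key is a machine key that the current account can open, grants the worker-process account Read on the key file (which is what WinHttpCertCfg.exe -g does), and attaches the certificate to an HttpWebRequest. The thumbprint, service URL and account name are placeholders, and the example assumes an RSA key held by a CAPI provider, as produced by importing a .pfx.

```csharp
// Added example, not from the original thread. Run once as an administrator
// to grant the worker-process account access to the private key; the
// BuildRequest part is what the web application itself would do.
using System;
using System.IO;
using System.Net;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class ClientCertAccess
{
    // Placeholders (assumptions): the SHA-1 thumbprint shown in certmgr.msc
    // with the spaces removed, and the partner's endpoint.
    const string Thumbprint = "0000000000000000000000000000000000000000";
    const string ServiceUrl = "https://partner.example.invalid/service";

    // Open LocalMachine\My read-only and require exactly one match.
    // The console app worked because it searched CurrentUser\My of the
    // logged-on user; the worker process has its own (empty) user store.
    static X509Certificate2 FindCertificate(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false /* validOnly */);
            if (found.Count != 1)
                throw new InvalidOperationException("Expected one certificate, found " + found.Count);
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }

    // Resolve the private key to its container file under MachineKeys.
    // Returns false when there is no key (public-only .cer import), when the
    // key is a per-user key the worker process can never reach, or when the
    // calling account lacks access ("Keyset does not exist").
    static bool TryGetKeyFile(X509Certificate2 cert, out string keyFile)
    {
        keyFile = null;
        if (!cert.HasPrivateKey) return false;
        try
        {
            RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            if (!info.MachineKeyStore)
                return false;   // re-import the .pfx into LocalMachine\My instead
            string machineKeys = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
                @"Microsoft\Crypto\RSA\MachineKeys");
            keyFile = Path.Combine(machineKeys, info.UniqueKeyContainerName);
            return File.Exists(keyFile);
        }
        catch (CryptographicException)
        {
            return false;
        }
    }

    // Grant the worker-process account Read on the key file. Read is enough
    // for SChannel to use the key; do not hand out Modify or Full Control.
    static void GrantKeyRead(string keyFile, string account)
    {
        FileSecurity acl = File.GetAccessControl(keyFile);
        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(account), FileSystemRights.Read, AccessControlType.Allow));
        File.SetAccessControl(keyFile, acl);
    }

    // What the web application does per call: the certificate goes into
    // ClientCertificates, and the TLS handshake needs its private key.
    static HttpWebRequest BuildRequest(X509Certificate2 cert, string url)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "text/xml";
        request.ClientCertificates.Add(cert);
        return request;
    }

    static void Main(string[] args)
    {
        // NETWORK SERVICE is the IIS 6 worker identity; use "ASPNET" on IIS 5.
        string account = args.Length > 0 ? args[0] : @"NT AUTHORITY\NETWORK SERVICE";
        X509Certificate2 cert = FindCertificate(Thumbprint);
        string keyFile;
        if (!TryGetKeyFile(cert, out keyFile))
        {
            Console.WriteLine("Private key missing, per-user, or not accessible from this account.");
            return;
        }
        GrantKeyRead(keyFile, account);
        Console.WriteLine("Granted Read on " + keyFile + " to " + account);
        HttpWebRequest request = BuildRequest(cert, ServiceUrl);
        Console.WriteLine("Request to " + request.RequestUri + " carries " + cert.Subject);
    }
}
```

The useful diagnostic is TryGetKeyFile run under the worker-process identity: a certificate that is present in the store but whose key returns false here will not be sent in the TLS handshake, and the server side then sees an unauthenticated request, which matches the symptom of a working console app and a failing web project.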